Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop Up Problem


  • Please log in to reply

#1
kill_hXc

kill_hXc

    Member

  • Member
  • PipPipPip
  • 103 posts
Hi,

For about a week, there has been a pop-up appearing every time I boot/reboot my computer. It reads:

C:\WINDOWS\Config\lsass.exe

Could not be found blah blah blah.

How can I get rid of it?
  • 0

Advertisements


#2
SRX660

SRX660

    motto - Just get-er-done

  • Technician
  • 4,345 posts
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token. More info

Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm! If there is a lsass.exe in any other folder it is probably the sasser worm.

Virus with same name:
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
W32.HLLW.Lovgate.C@mm - Symantec Corporation

How do you tell if you have a sasser worm attack?

Look here

http://ask-leo.com/w...do_if_i_am.html

SRX660
  • 0

#3
kill_hXc

kill_hXc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Thanks for that. Having trouble actually finding anything which helps me though...! I was really just looking for a series of instructions telling me what to do.

I have Deep Scanned my PC with a fully updated BitDefender Anti-Virus program (which has all the firewall, live protection etc.) and also scanned with SpyBot Search and Destroy (fully updated version).

It can't find it...
  • 0

#4
SRX660

SRX660

    motto - Just get-er-done

  • Technician
  • 4,345 posts
If the file was in correct directory, it is probably the legitimate lsass.exe and you need to replace it. You can copy the Lsass.exe file from your back up media into the C:\Windows\System32\ folder.

The backup copy of Lsass.exe can be found on your original Windows install disk in the folder F:\i386\lsass.ex_ (I'm guessing that "F:" is the identification of your CDROM drive. If not, use "E:" or similar as required).

Because the backup copy is compressed, you need to copy the .ex_ file into your System32 folder, then rename it from ".ex_" to ".exe".

You might end up needing to go into the Recovery Console to do this: Wown.com has some very useful details on using Recovery Console as needed.

http://www.windowsne...s/wxprcons.html

If the COPY command doesn't do the trick, try using EXTRACT instead.

I hope this helps you restore your system without having to reinstall Windows.



There is also a fix suggested on this forum website that may help you.

http://www.techspot....sexe-error.html

SRX660
  • 0

#5
anzenketh

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HiJackThis Log in THAT forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP